Within Pentana Risk Permissions are used to control what each User can do within the System, what information they can view, edit and create.
- How can I give Users Permissions?
- What are Core Permissions?
- What are Complex Permissions?
- Which Permissions allow Users to view inactive items?
- Default Ownership and Visibility
How can I give Users Permissions?
A User can be granted a Permission in two ways
Directly – Permissions can be directly assigned to a User under the ‘Permissions’ Panel on their User Notebook. Select the Panel title and then ‘Add Permissions’, you can search for the permission you need to add to the User, select the tick-box next to it and then ‘Add Permissions’.
Indirectly – Users can inherit a Permission by being a part of a Role that has been assigned that Permission. In the same way that Permissions can be attached to Users, you can also attach Permissions to a Role. Any User that is a part of that Role then Automatically indirectly assigned those Permissions.
Note: When viewing the Users notebook, any permission with the icon are inherited Permissions
You can also open the Permissions Screen by Navigating to GoTo > More > Permissions. Which will show a list of all Permissions and by selecting the corresponding numbers next to them, you can view which Users and Roles have these Permissions.
You can also control a User's ability to grant Permissions. When a User has a Permission assigned to them directly and they have the Permission assigned under the ‘Grantable Permissions’ Panel, they can assign that Permission to other Users and Roles.
What are Core Permissions?
Core permissions do not require ownership over an object to take effect, and will affect any item the User has visibility of.
For example, a User called James Watts has two core permissions: Actions_Admin and Feedback_Close. This means that:
- James is able to create a new Action, edit any Action data (including all customer fields), delete any Actions, and create sub-Actions for any Action which he has visibility of using the Actions_Admin permission.
- Close any Feedback items he has visibility of using the Feedback_Close permission.
What are Complex Permissions?
Complex Permissions in Pentana Performance are those which are only applied when the User holding that Permission is added to a specific Ownership. These Permissions each have 6 versions, the Core version that works for any Ownership, and Complex versions that only work for their indicated Ownerships.
A key benefit to using Complex Permissions is that you gain much more control over what your Users are able to do to module items while giving them visibility of a large portion of your site, as opposed to using the Core version of a Permission which provides the User full access to anything they have Ownership of, including the Also Visible To Ownership.
For example, a User called James Watts has two Complex Permissions: Actions_Admin Administered By and Actions_Update Assigned To.
- When James is given or inherits only Administered By Ownership of an Action, he'll be able to make changes to all aspects of the Action, even deleting it. This is because the Actions_Admin Administered By Permission will now work as he is an Administrator for this Action.
- When he has only Assigned To Ownership of an Action, however, he will only be able to make changes to the Progress of the Action, and submit notes on these changes. This is because the Actions_Update Assigned To Permission has been enabled by James being an Assignee, whereas the Actions_Admin Administered By Permission hasn't been enabled as he doesn't have Administered By Ownership.
- If James has only Managed By Ownership of an Action, he won't be able to make any changes to the Action as neither of his Permissions will be enabled by this Ownership type.
In addition to these Complex Permissions, there are those referred to as semi-complex Permissions that will only unlock abilities for Users in a certain Ownership level. For example, the Actions_Create or PI_Create Permissions will only work for Users with Administered By Ownership of Actions or PIs. Note that Users with one of these Permissions can also create new items for that Module, and will automatically gain Administered By ownership when doing so.
A full list of complex and non-complex permissions is available in the Online Help. Throughout the Online Help, the addition of "(+ complex)" indicates that this is a Complex Permission.
Which Permissions allow Users to view inactive items?
Users who have the View Inactive Permission for the relevant module, are able to see any inactive items they have ownership of. Note that in most cases these Permissions will not function in Classic.
- For Actions, this is the Actions_View_Inactive Permission
- For Audit Files, this is the Audit_Files_View_Inactive Permission
- For Recommendations, this is the Audit_Recommendations_View_Inactive Permission
- For PIs, this is the PI_View_Inactive Permission
- For Risks, this is the Risks_View_Inactive Permission
Additionally, Site Administrators are able to view any inactive item on the system, and do not need the above permissions to do so.
Default Ownership and Visibility
Default Visibility can be configured for your Site so that when a new item is created, a Role is automatically added to the ‘Also Visible To’ Ownership. This can be configured within the General settings page under the Site Admin section of the GoTo menu.
Default Ownership (currently for Feedback and Action types) will automatically add selected Users or Roles to the specified Ownerships. These settings can be configured within the Action types page in Browser and the Feedback Types area in Classic.